» frameworkengine.exe
Overview
Analysis
File Details

frameworkengine.exe

Framework

Smart Apps

This is part of a distribution package that is classified as adware distributed by 50onRed. This adware is used to interact with the installed web browsers and inject ads and modify the default search and homepages. The application frameworkengine.exe by Smart Apps has been detected as adware by 10 anti-malware scanners. It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.

File name:

frameworkengine.exe

Publisher:

Smart Apps (signed and verified)

Product:

Framework

Description:

FrameworkEngine

Version:

1.1.0.0

MD5:

b8ec9644dff15c35d0f729e397ce0f11

SHA-1:

76c8546f4cf5501d828e8270c0d2e17c675e67e8

SHA-256:

e027a435626b3ada3f65c3e6e19844b9c73ae98608aac5557ad06774ef6ae061

Scanner detections:

10 / 68

Status:

Adware

Explanation:

Browser extension that injects additional advertisements (banner and text links) on web pages.

Analysis date:

4/16/2024 3:08:45 PM UTC (today)

Scan engine

Detection

Engine version

AVG

AdPlugin

2017.0.2834

Comodo Security

ApplicUnwnt

18815

Dr.Web

Trojan.Crossrider1.23053

9.0.1.045

ESET NOD32

Win32/AdWare.SmartApps.B application

10.7.0.302.0

IKARUS anti.virus

AdWare.Win32.Smartapps

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.188.14395

NANO AntiVirus

Riskware.Win32.SmartApps.dgqcif

0.30.0.126

Reason Heuristics

Adware.GamePlayLabs.50OnRed (M)

16.2.14.1

Trend Micro House Call

TROJ_GEN.F47V0225

7.2.45

VIPRE Antivirus

GamePlayLabs

26240

File size:

242 KB (247,848 bytes)

Product version:

1.1.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\savings wizard\frameworkengine.exe

Digital Signature

Signed by:

Smart Apps

Authority:

Thawte, Inc.

Valid from:

3/25/2013 1:00:00 AM

Valid to:

3/26/2014 12:59:59 AM

Subject:

CN=Smart Apps, O=Smart Apps, L=Philadelphia, S=Pennsylvania, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7CAFCF7841E5BDDF79F61691D678D0EC

File PE Metadata

Compilation timestamp:

11/14/2013 12:56:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:Zq42PsoK9OsWPS/hsuBab/HbJ/mT+Th09hpZQQ:Zl92PSpTM/N/y/KQ

Entry address:

0x18F51

Entry point:

E8, 67, 72, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 33, C9, 3B, 04, CD, F8, 4F, 43, 00, 74, 13, 41, 83, F9, 2D, 72, F1, 8D, 48, ED, 83, F9, 11, 77, 0E, 6A, 0D, 58, 5D, C3, 8B, 04, CD, FC, 4F, 43, 00, 5D, C3, 05, 44, FF, FF, FF, 6A, 0E, 59, 3B, C8, 1B, C0, 23, C1, 83, C0, 08, 5D, C3, E8, EB, 19, 00, 00, 85, C0, 75, 06, B8, 60, 51, 43, 00, C3, 83, C0, 08, C3, E8, D8, 19, 00, 00, 85, C0, 75, 06, B8, 64, 51, 43, 00, C3, 83, C0, 0C, C3, 8B, FF, 55, 8B, EC, 56, E8, E2, FF, FF, FF, 8B, 4D, 08... 
[+]

Code size:

154.5 KB (158,208 bytes)

Remove frameworkengine.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.